The Agent Skills Directory

[COMMAND_EXECUTION]: The skill mandates the execution of various Python scripts located within the .agent/skills/ directory structure, such as ux_audit.py and security_scan.py. This relies on the availability and security of scripts across multiple modules in the agent's environment.
[PROMPT_INJECTION]: The skill uses high-pressure instructional language including "CRITICAL," "MANDATORY," and "VIOLATION" to enforce a specific operational workflow, aiming to override the agent's default decision-making regarding task completion and error handling.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user-provided files (Ingestion points: Read and Edit tools) without boundary markers or sanitization. Combined with the capability to write files and execute scripts, an attacker could embed malicious instructions within code that the agent is instructed to "clean."
[COMMAND_EXECUTION]: Broad permissions to read and edit files, coupled with the "Boy Scout Rule" that encourages modifying dependencies, could lead to unintended changes in sensitive files if they are incorrectly identified as part of the application logic.

clean-code